US Sanctions North Korean Hacker For Sony, WannaCry Cyberattacks

Park Jin Hyuk hacked for North Korea's government or ruling party, the U.S. Treasury Department says.

First Assistant U.S. Attorney Tracy Wilkison announces charges against North Korean national Park Jin Hyok in a range of cyberattacks, in Los Angeles, California, Sept. 6, 2018.

The United States on Thursday sanctioned and lodged criminal charges in absentia against a North Korean hacker it said was involved in the 2017 global WannaCry ransomware cyberattack, the theft of $81 million from Bangladesh’s central bank, and the 2014 cyber assault on Sony Corp.

The U.S. Treasury Department said it sanctioned “North Korean computer programmer Park Jin Hyok for having engaged in significant activities undermining cybersecurity through the use of computer networks or systems against targets outside of North Korea on behalf of the Government of North Korea or the Workers’ Party of Korea.”

The U.S. Department of Justice unsealed criminal charges against Park and Treasury also sanctioned Park’s employer, Chosun Expo Joint Venture, also called Korea Expo Joint Venture (KEJV), it said. The firm is an “agency, instrumentality, or controlled entity” of the North Korea government, it added.

Park was “part of the conspiracy responsible for conducting, among others, the February 2016 cyber-enabled fraudulent transfer of $81 million from Bangladesh Bank, the ransomware used in the May 2017 ‘WannaCry 2.0’ cyber-attack, and the November 2014 cyber-attack on Sony Pictures Entertainment,” Treasury said in a statement.

The Justice Department’s 179-page criminal complaint said that Park and his co-conspirators operated from North Korea, China, and other places. He was part of a team of hackers known as the Lazarus Group, which tried to breach U.S. businesses, including defense contractor Lockheed Martin Corp., it said.

“We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,” said Treasury Secretary Steven Mnuchin.

“The United States is committed to holding the regime accountable for its cyber-attacks and other crimes and destabilizing activities,” he added in comments accompanying the treasury announcement.

U.S. officials had said in 2014 that North Korean hackers were behind the cyber intrusion into Sony, which came after Pyongyang grew enraged with the movie "The Interview" that portrayed the U.S.-backed assassination of a character resembling North Korean leader Kim Jong Un.

The 2017, WannaCry ransomware attack hit thousands of businesses around the world through a computer virus that encrypted files, rendering many systems inoperable.

“North Korea has demonstrated a pattern of disruptive and harmful cyber activity that is inconsistent with the growing consensus on what constitutes responsible state behavior in cyberspace,” Treasury said in a statement.

“Our policy is to hold North Korea accountable and demonstrate to the regime that there is a cost to its provocative and irresponsible actions,” it added.

The sanctions and charges were unveiled hours after Donald Trump tweeted praise from the North Korean leader and as Washington struggled to keep its nuclear disarmament talks with Pyongyang on track.

“Kim Jong Un of North Korea proclaims ‘unwavering faith in President Trump’. Thank you to Chairman Kim. We will get it done together!” Trump tweeted earlier on Thursday.

The Trump administration has voiced frustration that North Korea has not followed through on nuclear disarmament pledges made at a summit between Trump and Kim in Singapore in June.

"While it is highly unlikely this North Korean hacker will ever see the inside of a U.S. court, the Trump Administration is right to point out the threat posed by North Korea's cyber warriors, arguably the most powerful weapon Pyongyang has in its arsenal--after nuclear weapons,” said Harry Kazianis, director of defense studies at the Center for the National Interest, a Washington think tank.

“Cyber weapons, in many respects, level the playing field making the weak stronger. Likely positioned all over the world in a decentralized fashion, North Korea's cyber warriors can attack from multiple different points, looking for security gaps in America's power grid, nuclear infrastructure or even military networks,” he told RFA’s Korean Service.

Reporting by Kyung Ha Rhee for RFA’s Korean Service and by Paul Eckert for the English Service. Written by Paul Eckert